wg TBD                                                      R. Moskowitz
Internet-Draft                                            HTT Consulting
Intended status: Informational                               H. Birkholz
Expires: February 10, 2021                                Fraunhofer SIT
                                                                  L. Xia
                                                                  Huawei
                                                           M. Richardson
                                                               Sandelman
                                                          August 9, 2020

                      Guide for building an ECC pki
                       draft-moskowitz-ecdsa-pki-09

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using OpenSSL.  All certificates in this guide are
   ECDSA P-256 certificates signed with SHA256.  Along with common End
   Entity certificates, this guide provides instructions for creating
   IEEE 802.1AR iDevID Secure Device certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 10, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  The Basic PKI feature set
   4.  Getting started and the Root level
     4.1.  Setting up the Environment
     4.2.  Create the Root Certificate
   5.  The Intermediate level
     5.1.  Setting up the Intermediate Certificate Environment
     5.2.  Create the Intermediate Certificate
     5.3.  Create a Server EE Certificate
     5.4.  Create a Client EE Certificate
   6.  The 802.1AR Intermediate level
     6.1.  Setting up the 802.1AR Intermediate Certificate Environment
     6.2.  Create the 802.1AR Intermediate Certificate
     6.3.  Create an 802.1AR iDevID Certificate
   7.  Setting up a CRL for an Intermediate CA
     7.1.  Create (or recreate) the CRL
     7.2.  Revoke a Certificate
   8.  Setting up OCSP for an Intermediate CA
     8.1.  Create the OCSP Certificate
     8.2.  Revoke a Certificate
     8.3.  Testing OCSP with Openssl
   9.  Footnotes
     9.1.  Certificate Serial Number
     9.2.  Some OpenSSL config file limitations
     9.3.  subjectAltName support, or lack thereof
     9.4.  DER support, or lack thereof
   10. IANA Considerations
   11. Security Considerations
     11.1.  Adequate Randomness
     11.2.  Key pair Theft
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has a plethora of security solutions targeted at IoT.  Yet
   all too many IoT products are deployed with no or improperly
   configured security.  In particular, resource constrained IoT devices
   and non-IP IoT networks have not been well served in the IETF.

   Additionally, more IETF efforts (e.g. DOTS, NETCONF) are requiring
   secure identities, but are vague on the nature of these identities
   other than to recommend use of X.509 digital certificates and perhaps
   TLS.

   This effort provides the steps, using the OpenSSL application, to
   create such a PKI of ECDSA certificates.  The goal is that any
   developer or tester can follow these steps, create the basic objects
   needed and establish the validity of the standard/program design.
   This guide can even be used to create a production PKI, though
   additional steps need to be taken.  This could be very useful to a
   small vendor needing to include 802.1AR [IEEE.802.1AR_2009] iDevIDs
   in their product.
   This guide was tested with OpenSSL 1.1.0f on Fedora 26 and creates
   PEM-based certificates.  DER-based certificates fail (see
   Section 9.4).

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft specific definitions at this time.

3.  The Basic PKI feature set

   A basic PKI has two levels of hierarchy: Root and Intermediate.  The
   Root level carries the greatest risk and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and has signed the Intermediate level
   certificate, it can be locked up.  In fact, the Root level could
   exist completely on a microSD boot card for a small ARM computer like
   a Raspberry Pi.  A copy of this card can be made and securely stored
   in a different location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.

   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and the Intermediate level CRL.  It can
   also contain the End Entity public certificates.  The private key
   file needs to be kept securely.  For example, as with the Root level,
   a microSD image for an ARM computer could contain the complete
   Intermediate level.  This image is kept offline.  The End Entity CSR
   is copied to it, signed, and then the signed certificate and updated
   database are moved to the public image that lacks the private key.
   For a simple test PKI, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.  The CSR is delivered to
   the Intermediate level, which uses the CSR to create the End Entity
   certificate.  This certificate, along with the trust chain back to
   the root, is then returned to the End Entity.

   There is more to a PKI, but this suffices for most development and
   testing needs.

4.  Getting started and the Root level

   This guide was developed on a Fedora 26 armv7hl system (Cubieboard2
   SoC).  It should work on most Linux and similar systems.  All work
   was done in a terminal window with extensive "cutting and pasting"
   from a draft guide into the terminal window.  Users of this guide may
   find different behaviors based on their system.

4.1.  Setting up the Environment

   The first step is to create the PKI environment.  Modify the
   variables to suit your needs.

   file "setup1.sh"

   # edit directory here, or override
   export cadir=${cadir-/root/ca}
   export rootca=${cadir}/root
   export cfgdir=${cfgdir-$cadir}
   export intdir=${cadir}/intermediate
   export int1ardir=${cadir}/inter_1ar
   export format=pem
   export default_crl_days=65

   mkdir -p $cadir/certs
   mkdir -p $rootca
   (cd $rootca
   mkdir -p certs crl csr newcerts private
   chmod 700 private
   touch index.txt index.txt.attr
   if [ ! -f serial ]; then echo 00 >serial; fi
   )

   sn=8

   # edit these to suit
   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   #organizationalUnitName="/OU="
   organizationalUnitName=
   commonName="/CN=Root CA"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName

   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com

   export default_crl_days=2048

   Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   format
      File encoding: PEM or DER
      At this time only PEM works

   sn
      Serial Number length in bytes
      For a public CA the range is 8 to 19

   The Serial Number length for a public PKI ranges from 8 to 19 bytes.
   The use of 19 rather than 20 is to accommodate the hex representation
   of the Serial Number.  If it has a one in the high order bit, DER
   encoding rules will place a 0x00 in front.

   The DN and SAN fields are examples.  Change them to appropriate
   values.  If you leave one blank, it will be left out of the
   Certificate.  "OU" above is an example of an empty DN object.

   Create the file, $dir/openssl-root.cnf from the contents in
   Appendix A.1.

4.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair
   and the Root certificate.  Included are commands to view the file
   contents.

   file "rootcert.sh"

   # Create passworded keypair file
   # $pass / $passin optionally hold the openssl -pass / -passin
   # arguments for the key password; leave them unset to be prompted.

   if [ ! -f $rootca/private/ca.key.$format ]; then
      echo GENERATING KEY
      openssl genpkey $pass -aes256 -algorithm ec\
         -pkeyopt ec_paramgen_curve:prime256v1\
         -outform $format -pkeyopt ec_param_enc:named_curve\
         -out $rootca/private/ca.key.$format
      chmod 400 $rootca/private/ca.key.$format
      openssl pkey $passin -inform $format -in $rootca/private/ca.key.$format\
         -text -noout
   fi

   # Create Self-signed Root Certificate file
   # 7300 days = 20 years; Intermediate CA is 10 years.

   echo GENERATING and SIGNING REQ
   openssl req -config $cfgdir/openssl-root.cnf $passin \
      -set_serial 0x$(openssl rand -hex $sn)\
      -keyform $format -outform $format\
      -key $rootca/private/ca.key.$format -subj "$DN"\
      -new -x509 -days 7300 -sha256 -extensions v3_ca\
      -out $cadir/certs/ca.cert.$format

   # View the certificate and the purposes it is valid for
   openssl x509 -inform $format -in $cadir/certs/ca.cert.$format\
      -text -noout
   openssl x509 -purpose -inform $format\
      -in $cadir/certs/ca.cert.$format

5.  The Intermediate level

5.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate PKI environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

   file "intermediate_setup.sh"

   export intdir=${intdir-$cadir/intermediate}
   mkdir -p $intdir

   (
   cd $intdir
   mkdir -p certs crl csr newcerts private
   chmod 700 private
   touch index.txt index.txt.attr
   if [ ! -f serial ]; then echo 00 >serial; fi
   )

   sn=8 # hex 8 is minimum, 19 is maximum
   echo 1000 > $intdir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support uncomment these:
   #crl=intermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   commonName="/CN=Signing CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN

   Create the file, $dir/openssl-intermediate.cnf from the contents in
   Appendix A.2.  Uncomment the lines for crlDistributionPoints and
   authorityInfoAccess if using CRLs or OCSP respectively.

5.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, the Intermediate certificate signing request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

   file "intermediate_cert.sh"

   # Create passworded keypair file
   if [ ! -f $intdir/private/intermediate.key.$format ]; then
      echo GENERATING intermediate KEY
      openssl genpkey $pass -aes256 -algorithm ec \
         -pkeyopt ec_paramgen_curve:prime256v1 \
         -outform $format -pkeyopt ec_param_enc:named_curve\
         -out $intdir/private/intermediate.key.$format
      chmod 400 $intdir/private/intermediate.key.$format
      openssl pkey $passin -inform $format\
         -in $intdir/private/intermediate.key.$format -text -noout
   fi

   # Create the CSR

   echo GENERATING and SIGNING REQ intermediate
   openssl req -config $cfgdir/openssl-root.cnf $passin \
      -key $intdir/private/intermediate.key.$format -batch \
      -keyform $format -outform $format -subj "$DN" -new -sha256\
      -out $intdir/csr/intermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
      -in $intdir/csr/intermediate.csr.$format

   # Create Intermediate Certificate file

   openssl rand -hex $sn > $intdir/serial # hex 8 is minimum, 19 is maximum

   if [ ! -f $cadir/certs/intermediate.cert.pem ]; then
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-root.cnf -days 3650 $passin \
         -extensions v3_intermediate_ca -notext -md sha256 -batch \
         -in $intdir/csr/intermediate.csr.$format\
         -out $cadir/certs/intermediate.cert.pem
      chmod 444 $cadir/certs/intermediate.cert.$format
      rm -f $cadir/certs/ca-chain.cert.$format
   fi

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
      $cadir/certs/intermediate.cert.$format

   openssl x509 -noout -text -in $cadir/certs/intermediate.cert.$format

   # Create the certificate chain file

   if [ ! -f $cadir/certs/ca-chain.cert.$format ]; then
      cat $cadir/certs/intermediate.cert.$format\
         $cadir/certs/ca.cert.$format > $cadir/certs/ca-chain.cert.$format
      chmod 444 $cadir/certs/ca-chain.cert.$format
   fi

5.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, the Server certificate signing request (CSR),
   and the Server certificate.  Included are commands to view the file
   contents.

   file "end-server.sh"

   # Intermediate level directory, as set up by intermediate_setup.sh
   dir=${dir-$intdir}

   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   serverfqdn=www.example.com
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
   echo $subjectAltName
   openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
      -pkeyopt ec_param_enc:named_curve\
      -out $dir/private/$serverfqdn.key.$format
   chmod 400 $dir/private/$serverfqdn.key.$format
   openssl pkey -in $dir/private/$serverfqdn.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf\
      -key $dir/private/$serverfqdn.key.$format \
      -subj "$DN" -new -sha256 -out $dir/csr/$serverfqdn.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$serverfqdn.csr.$format

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375\
      -extensions server_cert -notext -md sha256 \
      -in $dir/csr/$serverfqdn.csr.$format\
      -out $dir/certs/$serverfqdn.cert.$format
   chmod 444 $dir/certs/$serverfqdn.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
      $dir/certs/$serverfqdn.cert.$format
   openssl x509 -noout -text -in $dir/certs/$serverfqdn.cert.$format

5.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, the Client certificate signing request (CSR),
   and the Client certificate.  Included are commands to view the file
   contents.
   file "end-client-dn.sh"

   commonName=
   UserID="/UID=rgm"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName$UserID
   echo $DN
   clientemail=rgm@example.com

   file "end-client.sh"

   export subjectAltName="email:$clientemail"
   echo $subjectAltName

   if [ ! -f $intdir/private/$clientemail.key.$format ]; then
      openssl genpkey $pass -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
         -pkeyopt ec_param_enc:named_curve\
         -out $intdir/private/$clientemail.key.$format
      chmod 400 $intdir/private/$clientemail.key.$format
      openssl pkey $passin -in $intdir/private/$clientemail.key.$format -text -noout
   fi

   openssl req -config $cfgdir/openssl-intermediate.cnf $passin \
      -key $intdir/private/$clientemail.key.$format \
      -subj "$DN" -new -sha256 -out $intdir/csr/$clientemail.csr.$format

   openssl req -text -noout -verify\
      -in $intdir/csr/$clientemail.csr.$format

   openssl rand -hex $sn > $intdir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cfgdir/openssl-intermediate.cnf -days 375\
      -extensions usr_cert -notext -md sha256 $passin \
      -in $intdir/csr/$clientemail.csr.$format -batch\
      -out $cadir/certs/$clientemail.cert.$format
   chmod 444 $cadir/certs/$clientemail.cert.$format

   openssl verify -CAfile $cadir/certs/ca-chain.cert.$format\
      $cadir/certs/$clientemail.cert.$format
   openssl x509 -noout -text -in $cadir/certs/$clientemail.cert.$format

6.  The 802.1AR Intermediate level

6.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate PKI environment.
   This is very similar to the Intermediate PKI environment.  Modify the
   variables to suit your needs.
   file "intermediate_1ar_setup.sh"

   export dir=$cadir/8021ARintermediate
   mkdir -p $dir
   cd $dir
   mkdir -p certs crl csr newcerts private
   chmod 700 private
   touch index.txt index.txt.attr
   sn=8 # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support uncomment these:
   #crl=8021ARintermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   #organizationalUnitName=
   commonName="/CN=802.1AR CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com
   echo $subjectAltName

   Create the file, $dir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment the lines for
   crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP
   respectively.

6.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, the 802.1AR Intermediate certificate signing
   request (CSR), and the 802.1AR Intermediate certificate.  Included
   are commands to view the file contents.
   file "intermediate_1ar_cert.sh"

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm ec\
      -pkeyopt ec_paramgen_curve:prime256v1 \
      -outform $format -pkeyopt ec_param_enc:named_curve\
      -out $dir/private/8021ARintermediate.key.$format
   chmod 400 $dir/private/8021ARintermediate.key.$format
   openssl pkey -inform $format\
      -in $dir/private/8021ARintermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf\
      -key $dir/private/8021ARintermediate.key.$format \
      -keyform $format -outform $format -subj "$DN" -new -sha256\
      -out $dir/csr/8021ARintermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
      -in $dir/csr/8021ARintermediate.csr.$format

   # Create 802.1AR Intermediate Certificate file
   # The following does NOT work for DER

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650\
      -extensions v3_intermediate_ca -notext -md sha256\
      -in $dir/csr/8021ARintermediate.csr.$format\
      -out $dir/certs/8021ARintermediate.cert.pem

   chmod 444 $dir/certs/8021ARintermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
      $dir/certs/8021ARintermediate.cert.$format

   openssl x509 -noout -text\
      -in $dir/certs/8021ARintermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/8021ARintermediate.cert.$format\
      $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, the iDevID certificate signing request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.
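   The subjectAltName that the idevid-csr-cert.sh script in this
   section asks OpenSSL to build is an otherName whose type-id
   1.3.6.1.5.5.7.8.4 is id-on-hardwareModuleName (RFC 4108), carrying a
   HardwareModuleName SEQUENCE of the hwType OID and the hwSerialNum
   OCTET STRING.  The Python below is an added example, not part of the
   draft: it DER-encodes that GeneralName from the script's hwType and
   hwSerialNum values and decodes it back, which is one way to check
   what "openssl asn1parse -strparse" shows at the hardwareModuleName
   offset.  It uses only the standard library; the function names are
   my own.

```python
# Added example, not part of the draft: DER encode/decode of the 802.1AR
# hardwareModuleName otherName that idevid-csr-cert.sh places in
# subjectAltName.  Standard library only.
#
#   GeneralName ::= CHOICE { otherName [0] IMPLICIT OtherName, ... }
#   OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER,
#                            value [0] EXPLICIT ANY DEFINED BY type-id }
#   HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER,
#                                     hwSerialNum OCTET STRING }

ID_ON_HARDWARE_MODULE_NAME = "1.3.6.1.5.5.7.8.4"   # RFC 4108

TAG_OID, TAG_OCTET_STRING, TAG_SEQUENCE, TAG_CTX0 = 0x06, 0x04, 0x30, 0xA0


def der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    return bytes([tag]) + der_length(len(content)) + content


def encode_oid(dotted):
    """Encode a dotted OID; every arc after the first two is base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(TAG_OID, bytes(out))


def encode_hardware_module_name(hw_type, hw_serial_hex):
    """Return the DER GeneralName for otherName:id-on-hardwareModuleName."""
    hmodname = der_tlv(TAG_SEQUENCE,
                       encode_oid(hw_type)
                       + der_tlv(TAG_OCTET_STRING, bytes.fromhex(hw_serial_hex)))
    other_name = encode_oid(ID_ON_HARDWARE_MODULE_NAME) + der_tlv(TAG_CTX0, hmodname)
    # otherName is [0] IMPLICIT, so the OtherName SEQUENCE tag becomes [0]
    return der_tlv(TAG_CTX0, other_name)


def read_tlv(buf, pos=0):
    """Return (tag, content, position after the element) for buf[pos:]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content):
    """Decode OID content octets (assumes a one-octet first subidentifier)."""
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def decode_hardware_module_name(general_name):
    """Parse the GeneralName back into (hwType dotted OID, hwSerialNum hex).
    Raises ValueError when it is not a hardwareModuleName otherName."""
    tag, body, _ = read_tlv(general_name)
    if tag != TAG_CTX0:
        raise ValueError("GeneralName is not an otherName")
    tag, type_id, pos = read_tlv(body)
    if tag != TAG_OID or decode_oid(type_id) != ID_ON_HARDWARE_MODULE_NAME:
        raise ValueError("otherName type-id is not id-on-hardwareModuleName")
    tag, explicit, _ = read_tlv(body, pos)
    if tag != TAG_CTX0:
        raise ValueError("missing [0] EXPLICIT value")
    tag, seq, _ = read_tlv(explicit)
    if tag != TAG_SEQUENCE:
        raise ValueError("HardwareModuleName is not a SEQUENCE")
    tag, hw_type, pos = read_tlv(seq)
    tag2, hw_serial, _ = read_tlv(seq, pos)
    if tag != TAG_OID or tag2 != TAG_OCTET_STRING:
        raise ValueError("bad HardwareModuleName members")
    return decode_oid(hw_type), hw_serial.hex()


if __name__ == "__main__":
    # Values from idevid-csr-cert.sh: hwType and hwSerialNum (hex)
    gn = encode_hardware_module_name("1.3.6.1.4.1.6715.10.1", "01020304")
    print(gn.hex())
    print(decode_hardware_module_name(gn))
```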
   file "idevid-csr-cert.sh"

   DevID=Wt1234
   countryName=
   stateOrProvinceName=
   localityName=
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   commonName=
   serialNumber="/serialNumber=$DevID"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   DN=$DN$serialNumber
   echo $DN

   # hwType is OID for HTT Consulting, devices, sensor widgets
   export hwType=1.3.6.1.4.1.6715.10.1
   export hwSerialNum=01020304 # Some hex
   export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname"
   echo $hwType - $hwSerialNum

   if [ ! -f $dir/private/$DevID.key.$format ]; then
      openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
         -pkeyopt ec_param_enc:named_curve\
         -out $dir/private/$DevID.key.$format
      chmod 400 $dir/private/$DevID.key.$format
   fi

   openssl pkey -in $dir/private/$DevID.key.$format -text -noout
   openssl req -config $cfgdir/openssl-8021ARintermediate.cnf\
      -key $dir/private/$DevID.key.$format \
      -subj "$DN" -new -sha256 -out $dir/csr/$DevID.csr.$format

   openssl req -text -noout -verify\
      -in $dir/csr/$DevID.csr.$format
   openssl asn1parse -i -in $dir/csr/$DevID.csr.pem
   # Find the offset of the start of hardwareModuleName in the output
   # above and use it in place of 189
   openssl asn1parse -i -strparse 189 -in $dir/csr/$DevID.csr.pem

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cfgdir/openssl-8021ARintermediate.cnf -days 375\
      -extensions 8021ar_idevid -notext -md sha256 \
      -in $dir/csr/$DevID.csr.$format\
      -out $dir/certs/$DevID.cert.$format
   chmod 444 $dir/certs/$DevID.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
      $dir/certs/$DevID.cert.$format
   openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format
   openssl asn1parse -i -in $dir/certs/$DevID.cert.pem
   # Find the offset of the start of hardwareModuleName in the output
   # above and use it in place of 493
   openssl asn1parse -i -strparse 493 -in $dir/certs/$DevID.cert.pem

7.  Setting up a CRL for an Intermediate CA

   This part provides CRL support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the crlDistributionPoints
   as provided via the environment variables.

7.1.  Create (or recreate) the CRL

   It is simple to create the CRL.  The CRL consists of the certificates
   flagged with an R (Revoked) in index.txt:

   file "crl-creation.sh"

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   crl=$intermediate.crl.pem

   # Create CRL file
   openssl ca -config $dir/openssl-$intermediate.cnf \
      -gencrl -out $dir/crl/$crl
   chmod 444 $dir/crl/$crl

   openssl crl -in $dir/crl/$crl -noout -text

7.2.  Revoke a Certificate

   Revoking a certificate is a two step process.  First identify the
   target certificate; examples are listed below.  Revoke it, then
   publish a new CRL.

   file "revoke-step1.sh"

   # Name the certificate file was created under (Section 5.3, 5.4 or 6.3)
   targetcert=www.example.com   # serverfqdn
   #targetcert=rgm@example.com  # clientemail
   #targetcert=Wt1234           # DevID

   openssl ca -config $dir/openssl-$intermediate.cnf\
      -revoke $dir/certs/$targetcert.cert.$format

   Recreate the CRL using Section 7.1.

8.  Setting up OCSP for an Intermediate CA

   This part provides OCSP support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the authorityInfoAccess as
   provided via the environment variables.

8.1.  Create the OCSP Certificate

   OCSP needs a signing certificate.  This certificate must be signed by
   the CA that signed the certificate being checked.
   The steps to create this certificate are similar to those for a
   Server certificate for the CA:

   file "ocsp-setup.sh"

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   # Optionally, password encrypt key pair
   encryptkey=
   #encryptkey=-aes256

   # Create the key pair in Intermediate level $intermediate
   cd $dir
   openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
      $encryptkey -pkeyopt ec_param_enc:named_curve\
      -out $dir/private/$ocspurl.key.$format
   chmod 400 $dir/private/$ocspurl.key.$format
   openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout

   # Create CSR
   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$ocspurl, email:$emailaddr"
   echo $subjectAltName
   openssl req -config $dir/openssl-$intermediate.cnf\
      -key $dir/private/$ocspurl.key.$format \
      -subj "$DN" -new -sha256 -out $dir/csr/$ocspurl.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format

   # Create Certificate

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-$intermediate.cnf -days 375\
      -extensions ocsp -notext -md sha256 \
      -in $dir/csr/$ocspurl.csr.$format\
      -out $dir/certs/$ocspurl.cert.$format
   chmod 444 $dir/certs/$ocspurl.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
      $dir/certs/$ocspurl.cert.$format
   openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format

8.2.  Revoke a Certificate

   Revoke the certificate as in Section 7.2.  The OCSP responder SHOULD
   detect the flag change in index.txt and, when queried, respond
   appropriately.

8.3.  Testing OCSP with Openssl

   OpenSSL provides a simple OCSP service that can be used to test the
   OCSP certificate and revocation process.  (Note that this only reads
   index.txt to get the certificate status at startup.)

   In a terminal window, set the variables dir and ocspurl (examples
   below), then run the simple OCSP service:

   file "run-ocsp-server.sh"

   dir=/root/ca/intermediate
   ocspurl=ocsp.htt-consult.com

   openssl ocsp -port 2560 -text -rmd sha256\
      -index $dir/index.txt \
      -CA $dir/certs/ca-chain.cert.pem \
      -rkey $dir/private/$ocspurl.key.pem \
      -rsigner $dir/certs/$ocspurl.cert.pem \
      -nrequest 1

   In another window, test out a certificate status with:

   file "test-ocsp-server.sh"

   # Intermediate level that issued the certificate
   intermediate=intermediate
   #intermediate=8021ARintermediate
   # Name the certificate file was created under (Section 5.3, 5.4 or 6.3)
   targetcert=www.example.com   # serverfqdn
   #targetcert=rgm@example.com  # clientemail
   #targetcert=Wt1234           # DevID

   openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \
      -url http://127.0.0.1:2560 -resp_text -sha256\
      -issuer $dir/certs/$intermediate.cert.pem \
      -cert $dir/certs/$targetcert.cert.pem

   Revoke the certificate (Section 7.2), restart the test Responder as
   above, then check the certificate status again.

9.  Footnotes

   Creating this document was a real education in the state of OpenSSL,
   X.509 certificate guidance, and the general level of certificate
   awareness.  Here are a few short notes.

9.1.  Certificate Serial Number

   The certificate serial number's role is to provide yet another way to
   maintain uniqueness of certificates within a PKI, as well as a way to
   index them in a data store.  It has taken on other roles, most
   notably as a defense.

   The CABForum guideline for a public CA is for the serial number to be
   a random number at least 8 octets long and no longer than 20 bytes.
   By default, openssl makes self-signed certificates with 8 octet
   serial numbers.  This guide uses openssl's RAND function to generate
   the random value and pipe it into the -set_serial option.
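   The following Python is an added example, not part of the draft.  It
   mimics what "-set_serial 0x$(openssl rand -hex $sn)" does to the
   random value: the hex text becomes an INTEGER, DER gains a leading
   0x00 octet whenever the top bit of that INTEGER is set, so an
   sn-octet random value can occupy sn+1 octets, which is why
   Section 4.1 caps sn at 19 rather than 20.  It also computes the
   birthday-bound collision probability quoted in this section for a
   private CA using sn=4.  Standard library only; the function names
   are my own.

```python
# Added example, not part of the draft: DER encoding of a random serial
# as fed to "openssl req -set_serial", and the collision probability for
# small serial lengths.  Standard library only.
import math
import secrets

CABFORUM_MAX_OCTETS = 20   # the 20-octet limit quoted in Section 9.1


def rand_hex(sn):
    """Stand-in for 'openssl rand -hex $sn': sn random octets as hex text."""
    return secrets.token_bytes(sn).hex()


def serial_from_set_serial(hex_text):
    """'-set_serial 0x<hex>' turns the hex text into the INTEGER value."""
    return int(hex_text, 16)


def der_integer(value):
    """DER INTEGER (tag 0x02) for a non-negative value: minimal two's
    complement, so a 0x00 octet is prepended when the top bit is set."""
    if value < 0:
        raise ValueError("certificate serial numbers must be positive")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    if len(body) >= 0x80:
        raise ValueError("long-form length is never needed for a serial")
    return bytes([0x02, len(body)]) + body


def encoded_serial_octets(value):
    """Number of INTEGER content octets the certificate will carry."""
    return len(der_integer(value)) - 2


def worst_case_octets(sn):
    """Largest encoding of an sn-octet random value (all bits set)."""
    return encoded_serial_octets((1 << (8 * sn)) - 1)


def fits_cabforum(sn):
    """True when every sn-octet random serial encodes within 20 octets."""
    return worst_case_octets(sn) <= CABFORUM_MAX_OCTETS


def collision_probability(n_certs, sn):
    """Birthday bound: P(two of n_certs random sn-octet serials collide),
    computed as 1 - exp(-n(n-1) / (2 * 2^(8*sn)))."""
    space = 1 << (8 * sn)
    return -math.expm1(-n_certs * (n_certs - 1) / (2 * space))


if __name__ == "__main__":
    hex_text = rand_hex(8)
    print("openssl rand -hex 8 ->", hex_text, "encodes as",
          encoded_serial_octets(serial_from_set_serial(hex_text)), "octets")
    for sn in (8, 19, 20):
        print(f"sn={sn}: worst case {worst_case_octets(sn)} octets,"
              f" within CABForum limit: {fits_cabforum(sn)}")
    for n in (10_000, 1_000):
        print(f"sn=4, {n} certificates: "
              f"{collision_probability(n, 4):.4%} collision probability")
```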
   This number MAY have the first bit as a ONE; the DER encoding rules
   prepend such numbers with 0x00.  Thus the limit of '19' for the
   variable 'sn'.

   A private CA need not follow the CABForum rules and can use any
   number for the serial number.  For example, the root CA (which has no
   security risks mitigated by using a random value) could use '1' as
   its serial number.  Intermediate and End Entity certificate serial
   numbers can also be of any value if a strong hash, like the SHA256
   used here, is used.  A value of 4 for sn would provide a sufficient
   population so that a CA of 10,000 EE certificates will have only a
   1.2% probability of a collision.  For only 1,000 certificates the
   probability drops to 0.012%.

   The following was proposed on the openssl-user list as an alternative
   to using the RAND function:

      Keep k bits (k/8 octets) long serial numbers for all your
      certificates, choose a block cipher operating on blocks of k bits,
      and operate this block cipher in CTR mode, with a proper secret
      key and secret starting counter.  That way, no collision detection
      is necessary, you'll be able to generate 2^(k/2) unique k-bit
      serial numbers (in fact, you can generate 2^k unique serial
      numbers, but after 2^(k/2) you lose some security guarantees).

   With 3DES, k=64, and with AES, k=128.

9.2.  Some OpenSSL config file limitations

   There is a bit of inconsistency in how different parts and fields in
   the config file are used.  Environment variables can only be used as
   values.  Some fields can have null values, others cannot.  Not
   allowing null fields means a script cannot feed in an environment
   variable with a null value.  In such a case, the field has to be
   removed from the config file.

   The expectation is that each CA within a PKI has its own config file,
   customized to the certificates supported by that CA.

9.3.  subjectAltName support, or lack thereof

   There is no direct openssl command line option to provide a
   subjectAltName for a certificate.  This is a serious limitation.  Per
   RFC 2818 [RFC2818], SAN is the object for providing email addresses
   and DNS addresses (FQDN), yet the common practice has been to use the
   commonName object within the distinguishedName object.  How much of
   this is due to the difficulty in creating certificates with a SAN?

   Thus the only way to provide a SAN is through the config file, and
   there are two approaches.  This document uses an environment variable
   to provide the SAN value into the config file.  Another approach is
   to use piping, as in:

   file "san-creation-pipe.sh"

   # Requires bash: <( ... ) is process substitution
   openssl req -new -sha256 -key domain.key\
      -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN\
      -config <(cat /etc/ssl/openssl.cnf\
      <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))\
      -out domain.csr

9.4.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER pki
   failed.  There is no facility to create a DER certificate from a DER
   CSR.  It just is not there in the 'openssl ca' command.  Even the
   'openssl x509 -req' command cannot do this for a simple certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM, a simple concatenation of the certificates
   creates a usable certificate chain.  For DER, some recommend using
   PKCS#7 [RFC2315], whereas others point out that this format is poorly
   supported 'in the field', and that PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

   openssl x509 -outform der -in certificate.pem -out certificate.der

   This should also work for the keypair.  However, in a highly
   constrained device it may make more sense to just store the raw
   keypair in the device's very limited secure storage.

10.  IANA Considerations

   TBD.  May be nothing for IANA.

11.  Security Considerations

11.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found an
   excessive number of certificates sharing the same keys, due to bad
   randomness on the generating systems.  The amount of entropy
   available for these random numbers can be tested.  On Fedora/CentOS
   and most Linux systems use:

   cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000), check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.

11.2.  Key pair Theft

   During the certificate creation, particularly during keypair
   generation, the files are vulnerable to theft.  This can be mitigated
   using umask.  Before using openssl, set umask:

   restore_mask=$(umask -p)
   umask 077

   Afterwards, restore it with:

   $restore_mask

   or just close the shell that was used, and start a new one.  (The -p
   option to umask is a bash-ism.)

   There is nothing in these recipes that requires super-user on the
   system creating the certificates.  Provided that adequate randomness
   is available, a virtual machine or container is entirely appropriate.
   Containers tend to have better access to randomness than virtual
   machines.

   The scripts and configuration files, and in particular the private
   keys, may be kept offline, on a USB key for instance, and loaded when
   needed.

   The OCSP server needs to be online and available to all clients that
   will use the certificates.  This may mean available on the Internet.
   A firewall can protect the OCSP server, and port-forwards and/or ACL
   rules can restrict access to just the OCSP port.
   OCSP artifacts are signed by a key designed for that purpose only, so
   they do not require that the associated CA key be available online.

   Generating new CRLs, however, requires that the CA signing key be
   online, which is one of the reasons for creating an intermediate CA.

12.  Acknowledgments

   This work was jump started by the excellent RSA pki guide by Jamie
   Nguyen.  The openssl-user mailing list, with its many supportive
   experts, in particular Rich Salz, Jakob Bolm, Viktor Dukhovni, and
   Erwann Abalea, was of immense help, as was the openssl man pages
   website.

   Finally, "Professor Google" was always ready to point to answers to
   questions like: "openssl subjectAltName on the command line".  And
   the Professor, it seems, never tires of answering even trivial
   questions.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

13.2.  Informative References

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents.

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir               = $ENV::rootca
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The root key and root certificate.
   private_key       = $dir/private/ca.key.$format
   certificate       = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/ca.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = 30

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_days      = 375
   preserve          = no
   policy            = policy_strict
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = optional
   stateOrProvinceName     = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName                     = Country Name (2 letter code)
   stateOrProvinceName             = State or Province Name
   localityName                    = Locality Name
   0.organizationName              = Organization Name
   organizationalUnitName          = Organizational Unit Name
   commonName                      = Common Name

   # Optionally, specify some defaults.
   # countryName_default             = US
   # stateOrProvinceName_default     = MI
   # localityName_default            = Oak Park
   # 0.organizationName_default      = HTT Consulting
   # organizationalUnitName_default  =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.
   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/intermediate/openssl-intermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir               = $ENV::intdir
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key       = $dir/private/intermediate.key.$format
   certificate       = $cadir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/intermediate.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_days      = 375
   preserve          = no
   policy            = policy_loose
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = optional
   stateOrProvinceName     = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional
   UID                     = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName                     = Country Name (2 letter code)
   stateOrProvinceName             = State or Province Name
   localityName                    = Locality Name
   0.organizationName              = Organization Name
   organizationalUnitName          = Organizational Unit Name
   commonName                      = Common Name
   UID                             = User ID

   # Optionally, specify some defaults.
   # countryName_default             = US
   # stateOrProvinceName_default     = MI
   # localityName_default            = Oak Park
   # 0.organizationName_default      = HTT Consulting
   # organizationalUnitName_default  =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/8021ARintermediate/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir             = /root/ca/8021ARintermediate
   dir               = $ENV::dir
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The root key and root certificate.
   private_key       = $dir/private/8021ARintermediate.key.$format
   certificate       = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/ca.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_enddate   = 99991231235959Z # per IEEE 802.1AR
   preserve          = no
   policy            = policy_loose
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = match
   stateOrProvinceName     = match
   organizationName        = match
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional
   serialNumber            = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName                     = Country Name (2 letter code)
   stateOrProvinceName             = State or Province Name
   localityName                    = Locality Name
   0.organizationName              = Organization Name
   organizationalUnitName          = Organizational Unit Name
   commonName                      = Common Name
   serialNumber                    = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default      = HTT Consulting
   organizationalUnitName_default  = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   # uncomment the following if the ENV variables set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI 48237

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt 64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Liang Xia
   Huawei
   No. 101, Software Avenue, Yuhuatai District
   Nanjing
   China

   Email: Frank.xialiang@huawei.com

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/